Third-Party Cookies in 2026: Where Things Actually Stand

For years, "the death of the third-party cookie" was treated as an imminent event with a firm deadline. Then those deadlines slipped — repeatedly. By mid-2026, the picture looks less like a clean sunset and more like a slow, uneven transition that is already well underway in some browsers and perpetually deferred in Chrome. Understanding what is real versus what is still in flux is essential before you restructure your measurement strategy.

Where Third-Party Cookies Actually Stand in Chrome

Google has not deprecated third-party cookies in Chrome at the time of writing. The company reversed its earlier plans to phase them out on a fixed schedule and instead announced in 2024 that it would give users a prominent choice over whether to allow cross-site tracking — a model closer to what Apple introduced with App Tracking Transparency (ATT) on iOS.

What this means in practice is that third-party cookies remain technically available in Chrome, but user choice prompts, when fully deployed, will reduce the population of users who actively permit them. Marketers should not interpret "cookies still exist" as "nothing has changed." The addressable audience reachable via third-party identifiers has already contracted substantially, driven not just by browser policy but by consent regulations, ad blocker adoption, and intelligent tracking prevention across browsers like Safari and Firefox.

If you want to understand the full regulatory backdrop, our guide to GDPR for marketers covers the consent requirements that sit alongside browser-level changes.

The Privacy Sandbox: What It Offers and What It Dropped

Google's Privacy Sandbox was positioned as the replacement infrastructure — a set of browser APIs that would enable advertising use cases without exposing individual cross-site identities. The suite includes the Topics API (interest-based signals), the Protected Audience API (on-device remarketing auctions), and the Attribution Reporting API (conversion measurement without third-party cookies).

Adoption among ad tech platforms has been mixed. Some demand-side platforms have integrated Topics and Protected Audience into their bidding logic; others have deprioritised Privacy Sandbox work in favour of their own identity solutions or first-party data strategies. The Attribution Reporting API, which provides aggregate and event-level conversion data with added noise and delays, offers a path forward for measurement but requires investment to implement and interpret.

Several proposals that were floated earlier — including FLEDGE's more ambitious variants — were scaled back following feedback from the ad industry and regulatory scrutiny from the UK's Competition and Markets Authority (CMA), which has been closely monitoring Google's deprecation process to ensure it does not entrench Google's own advertising business.

Safari, Firefox, and the Real Effective State

While Chrome's timeline has been fluid, Safari's Intelligent Tracking Prevention (ITP) has effectively blocked third-party cookies since 2017 and has continued to tighten cross-site tracking restrictions. Firefox blocks third-party cookies by default as well. Combined, these two browsers represent a large share of traffic for many B2B and consumer sites — meaning third-party cookie-based measurement has already been broken for a significant portion of your audience for years.

The practical implication: any measurement or attribution setup that still depends heavily on third-party cookies is already producing systematically incomplete data, regardless of what Chrome does next.

Google Consent Mode v2 and Its Role

In parallel with the Privacy Sandbox work, Google rolled out Consent Mode v2, which became required for European Economic Area traffic using Google Ads conversion measurement and remarketing as of early 2024. Consent Mode allows Google's tags to adjust their behaviour based on user consent signals: when a user declines cookies, the tags fire in a "cookieless" ping mode and Google uses modeled conversions to fill in the gaps.

This is an important transition: it means Google itself is building modeled measurement as the default fallback rather than relying on complete cookie-based data. Advertisers who have not implemented Consent Mode v2 are working with conversion data that is both legally exposed and increasingly inaccurate for EEA audiences.

What This Means for Your Marketing Stack

The practical takeaways for B2B marketers are more immediate than the headlines suggest. Third-party cookies are not universally dead, but building a measurement strategy around their continued availability is the wrong posture. The shift to cookieless tracking tactics — first-party data collection, server-side tagging, and modeled attribution — is not a future project. It is the current operating reality for accurate measurement.

Audit where your current measurement stack relies on third-party cookies: cross-site retargeting audiences, multi-touch attribution, cross-domain journey tracking, and conversion pixels for non-consenting users. Each of these needs a replacement path that does not depend on whether Chrome makes another announcement.